Level 3

Solved

how does aem prevents sql injection?

Forum|Forum|3 years ago
April 27, 2022
5 replies
3670 views

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by BrianKasingli

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

Bhuwan_B

Community Advisor

@shikhasoni1 Please refer to below Community URL to get understanding of AEM Security Best Practices:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-best-practices-awakening-to-the-need-for-better/td-p/449600

Anish-Sinha

Adobe Employee

refer this for the techniques to prevent sql injections - https://labs.tadigital.com/index.php/2018/11/05/sql-injections-overview-and-prevention-techniques/

arunpatidar

Community Advisor

Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.

Arun Patidar

sourcedcode

Level 2

.

BrianKasingli

Accepted solution

Community Advisor and Adobe Champion

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

maryani

Level 2

Hi

How can we prevent blind XPath injection for an AEM page??

Thanks

K

KiranVe1

I have got a similar vulnerbility in our latest report. Did you find any solution for this?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded